For weeks, the cybersecurity world has braced for destructive hacking that might accompany or presage a Russian invasion of Ukraine. Now, the first wave of those attacks appear to have arrived. While so far on a small scale, the campaign uses techniques that hint at a rerun of Russia’s massively disruptive campaign of cyberwar that […]
On Friday, Russia did the previously unimaginable: It actually arrested a bunch of ransomware operators. Not only that, but members of the notorious group REvil, which has been behind some of the biggest attacks of the past several years, including the ones on IT management firm Kaseya and meat giant JBS. Russian president Vladimir Putin […]
“I think being concerned about Russia’s ulterior motives [for conducting the REvil arrests] is perfectly reasonable,” says John Hultquist, vice president of threat intelligence at the security firm Mandiant. “This essentially is a feather in their cap and you could definitely take a cynical view of it and think that it’s all signaling. But I […]
This week, we reported that Signal has gone forward with its controversial cryptocurrency integration. All of the encrypted messaging app’s users now have access to MobileCoin, a privacy-focused cryptocurrency that US exchanges still don’t offer. The intent is to give monetary transactions the same protection from surveillance that Signal brought to messaging. But skeptics worry […]
In the spring of 2021, the encrypted communications app Signal announced that it would add a payments feature in beta for its users in the UK, testing out an integration with a relatively new, privacy-focused cryptocurrency called MobileCoin. But a much broader phase of that experiment has quietly been underway since mid-November. That’s when Signal […]
It feels like the world has a lot of Pandora’s boxes open at once right now. Last week another crisis came into view with disclosure of a vulnerability in the widely used open source Apache logging library Log4j. Since then, system administrators, incident responders, and governments have been scrambling to install patches and reduce the […]
Apologies to anyone who was hoping for a quiet December on the cybersecurity front. Late in the week, a vulnerability in Apache’s Log4j logging framework exposed large swaths of the internet to relatively simple hacking. There’s not much you can do to protect yourself here, since the issue is largely server-focused, but the full fallout […]
A vulnerability in a widely used logging library has become a full-blown security meltdown, affecting digital systems across the internet. Hackers are already attempting to exploit it, but even as fixes emerge, researchers warn that the flaw could have serious repercussions worldwide. The problem lies in Log4j, a ubiquitous, open source Apache logging framework that […]
For months, hackers have targeted Iran’s public infrastructure, hitting everything from trains to gas stations to airlines. It appears to be an escalation in long-running tensions with Israel—one that shows how cyberattacks can have impact in the real world. In this case those repercussions are particularly concerning because they’re felt primarily by civilians. In […]
For years, Facebook has given its users the option of protecting their accounts with two-factor authentication. Soon, the platform’s highest-risk users will no longer have a choice: The social network will require them to lock up their profiles with more than just a password. Good. Facebook’s parent company, Meta, has required since last year that […]